package com.whz.http.web;

import lombok.extern.slf4j.Slf4j;
import org.springframework.lang.NonNull;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

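/**
 * Servlet filter that stamps a baseline set of browser-hardening response headers on
 * every request before handing it down the filter chain.
 *
 * <p>The headers are written before {@code filterChain.doFilter} so they are present
 * even when a downstream component commits the response early. {@code setHeader} is
 * used rather than {@code addHeader} so that a header another component (e.g. the
 * container's own {@code Server} banner) has already written is replaced instead of
 * being sent twice; duplicate values for headers such as {@code X-Frame-Options} can
 * be rejected by browsers.
 *
 * @author whz
 */
@Slf4j
public class GlobalSecurityFilter extends OncePerRequestFilter {

  /**
   * Writes the hardening headers, then continues the chain.
   *
   * <p>Exceptions raised by the chain are logged here and rethrown so that the
   * container and Spring's error handling still see the failure. The earlier
   * catch-and-log of every {@code Exception} hid all downstream failures and let the
   * request complete as if it had succeeded, with whatever status and body had been
   * written so far.
   *
   * @param request the current request
   * @param response the current response, which receives the headers
   * @param filterChain the remaining chain, always invoked after the headers are set
   * @throws ServletException propagated from the chain
   * @throws IOException propagated from the chain
   */
  @Override
  protected void doFilterInternal(@NonNull HttpServletRequest request,
      @NonNull HttpServletResponse response,
      @NonNull FilterChain filterChain) throws ServletException, IOException {
    try {
      // Browser hardening headers (CSP and related recommended response headers).
      // Stop browsers from MIME-sniffing the response away from its declared type.
      response.setHeader("X-Content-Type-Options", "nosniff");
      // Refuse to be framed by any origin; legacy counterpart of frame-ancestors below.
      response.setHeader("X-Frame-Options", "DENY");
      // "0" switches off the legacy browser XSS auditor, which is the current guidance.
      response.setHeader("X-XSS-Protection", "0");
      // Deny-all policy: suited to responses that carry no HTML that needs resources.
      response.setHeader("Content-Security-Policy",
          "default-src 'none'; frame-ancestors 'none'; sandbox");
      // Intended to mask the container's Server banner; whether an empty value is
      // honoured (or still emitted as an empty header) depends on the container -- TODO confirm.
      response.setHeader("Server", "");
      filterChain.doFilter(request, response);
    } catch (ServletException | IOException | RuntimeException e) {
      // Log at the outermost filter for visibility, but never swallow: the container
      // must still produce the error response.
      log.error("global security filter caught exception", e);
      throw e;
    }
  }
}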